How can automation solve the cybersecurity skills gap?


The cybersecurity skills gap continues to dominate conversations across the industry as business leaders attempt to find a resolution. Brett Candon, VP International of Cyware, explores how and why automation could be the answer to solving the seemingly unsolvable. 

The cybersecurity skills gap has become one of technology’s most challenging recurring themes in recent years. It has developed at a particularly difficult time given the rising volume, sophistication and success of threat actors. The issues impact organisations of all shapes and sizes, with one recent UK Government Labour Market Report revealing that 50% of all UK businesses have a basic cybersecurity skills gap and 33% have an advanced gap.

This translates to a situation where, this year, 37% of cybersecurity job vacancies were defined as ‘hard-to-fill’, with an overall shortfall of 11,200 people needed to meet workforce demand in the UK alone. Scale that to an international level and it’s easy to see why the global talent gap remains such a significant issue.

For organisations that rely on SOC teams to address daily cybersecurity threats and vulnerabilities, any talent gaps present concerns. As those responsible for the detection, investigation and mitigation of cyber threats, they need the right people in place who can focus on everything from threat intelligence and incident analysis to intrusion detection and incident response.

In recent years, many organisations have turned to automation in an attempt to solve – or at least reduce – the problem. There is a widely reported misconception that automation will replace workers and jobs will be lost – but nothing could be further from the truth. By automating routine tasks, cybersecurity professionals are freed up to focus on more complex and strategic tasks, leading to faster resolution times for security incidents.

The growing strain on cybersecurity professionals

Given the underlying talent shortfall, it’s not surprising that many SOC teams are understaffed and struggle to cover all the cybersecurity bases. This situation is aggravated by the sheer volume of alerts and log data that need to be analysed – a to-do list that, for many working in the industry, has become both time-consuming and repetitive. This is part of a concerning picture that saw two-thirds of cybersecurity professionals reporting that they had experienced burnout last year, according to research. As well as the serious risks this poses to individual well-being, there are knock-on effects, including the potential for missing critical threats and the subsequent damage that can be caused.

So, what can be done to balance the need for better security with employee well-being in an industry sector where the talent shortfall currently sits at 3.5 million people globally?

In many cases, the solution depends on the wider implementation of effective automation technologies. By bridging the resource gap for under-strength security teams, automation can also help deliver improved productivity when applied to tasks such as threat intelligence sharing, hunting and response – among others.

Empowering SOC teams with advanced automation

In practical terms, today’s most capable security automation platforms help address a range of issues, including those caused by repetitive and mundane tasks. The approach includes the use of orchestration technologies that collect data from disparate sources, from which automation tools can help execute the appropriate alerts and incident response processes using pre-defined playbooks. This not only boosts efficiency and accuracy, but it frees experienced and hard-to-find security professionals to address productivity challenges and the problems associated with fatigue and burnout.

This also plays into the idea that SOC teams often need to do more with less – a particularly important capability for organisations with a requirement to orchestrate security across cloud-based, on-premises or hybrid infrastructure. By selecting a vendor-agnostic security automation solution, disparate security tools and services can be seamlessly integrated without the need for additional orchestration layers. By adopting low-code automation technologies, security teams are empowered to efficiently build custom workflows even when they don’t have coding skills or experience.

As well as building a more effective security posture, effective automation should also help teams focus on improving ROI, not least because of its scope for improving the scalability and efficiency of security workflows. For example, modern security automation platforms centralise the entire detection, analysis and response workflow from a single console, contributing to improved team visibility and productivity. This can include the removal of false positives and noise while also building better integration between external threat intelligence, internal threat intelligence and suspicious incidents. Armed with this insight, SOC teams are better placed to proactively identify, triage and mitigate threats in real time – a set of capabilities which can improve both Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) performance.

In today’s digitally transforming world, organisations must mitigate threats across environments more quickly than ever and without hampering operations. Automation fulfils these needs by orchestrating threat data workflows and processes across on-premises and cloud security tools. This improves SOC productivity and enables more proactive threat prevention by analysing data from diverse sources like cloud security, forensics, malware analysis, vulnerability management, data enrichment, threat intelligence, incident response and endpoint security – all from a central point. This high level of visibility and control facilitates effective response without the need to use different consoles, freeing security teams to prioritise critical tasks so they can move beyond incident management to proactively address malware, vulnerabilities and threat actors more effectively.
